Bugtraq mailing list archives
Re: Cisco HSRP Weakness/DoS
From: Damir Rajnovic <gaus () cisco com>
Date: Wed, 16 May 2001 07:42:10 +0100
Hello, Seems that this mail has been lost again. Gaus ====================== My previous mail seems to be lost due to the mail server problems so here is the response again. In response to this mail sent by bashis on Bugtraq: At 19:57 03/05/2001 +0200, bashis wrote:
I was playing with Cisco's HSRP (Hot Standby Routing Protocol), and there is a (major) weakness in that protocol that allow any host in a LAN segment to make a HSRP DoS.
[truncated, see http://www.securityfocus.com/archive/1/182008] We can confirm that described vulnerability is present in the HSRP and, at the present time, there is no workaround for it. Cisco is deliberating usage of IP authenticated header for HSRP and VRRP (Virtual Router Redundancy Protocol, RFC2338) in the future releases of IOS. However, there are some other factors that must be considered in this context: - this vulnerability can be exploited only from the local segment (not over the Internet), - the same effect, denial of service, can be produced by using ARP, which can not be protected in any way The last issue is especially important since it may cause a false sense of security if user is using a hardened version the protocol (whichever protocol). Even by using VRRP and ESP+AH option, an attacker can still disrupt the network by using ARP. Regards, Gaus ============== Damir Rajnovic <psirt () cisco com>, PSIRT Incident Manager, Cisco Systems <http://www.cisco.com/warp/public/707/sec_incident_response.shtml> Phone: +44 7715 546 033 4 The Square, Stockley Park, Uxbridge, MIDDLESEX UB11 1BN, GB ============== There is no insolvable problems. Question remains: can you accept the solution?
Current thread:
- Cisco HSRP Weakness/DoS bashis (May 03)
- <Possible follow-ups>
- Re: Cisco HSRP Weakness/DoS Steven M. Bellovin (May 03)
- Re: Cisco HSRP Weakness/DoS bashis (May 05)
- Re: Cisco HSRP Weakness/DoS Damir Rajnovic (May 16)